PolicyAsCode

How to check a variable in a HashiCorp Sentinel policy

This blog is a minimalist example of a HashiCorp Sentinel policy to check the content of a string variable. I’ve struggled a bit to write my first policy and had difficulties understanding the elements required. Nico Vibert’s blog has helped a lot. HashiCorp Sentinel policies are policies as code that allow you to control what users are pushing through Terraform Enterprise/Cloud. This is a paid feature; Open Policy Agent is the open source alternative.

How to put a HashiCorp Sentinel policy into production

In this third and last post of the series, I will describe how to move the Sentinel policy into the production environment. This series is made of 3 posts: The policy, The test environment, The production environment.

THE PRODUCTION ENVIRONMENT

When your policy is ready, you need to deploy it into production. You can write a policy set that you store in a VCS (version control system), or you can add the policy individually in the GUI and attach it to a policy set that you have created in the GUI.

How to test a HashiCorp Sentinel policy

In this second post of the series, I will describe the steps I took to set up the test environment to test my Sentinel policy. This series is made of 3 posts: The policy, The test environment, The production environment.

THE TEST ENVIRONMENT

When we develop the policy, it will be very difficult to push a configuration to see if the policy behaves like we want. HashiCorp provides a test environment to ease the development of the policies.